<?PHP
// Per-user page: emit "private, must-revalidate" cache headers so the login
// form / account links are never served from a shared cache. Must precede
// session_start(), which sends the headers.
session_cache_limiter('private, must-revalidate');
session_start();
// presumably provides $connect, the oci8 connection handle used below -- verify
include("std_dbs.php");

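// Logout: clear the identity keys that the login flow below populates.
if(isset($_POST['logout']))
  {
    // Only the identity-related keys are removed; any other session state
    // another page may keep is deliberately left alone, as before.
    foreach(['logged_in', 'userid', 'fname', 'lname', 'zipcode', 'email', 'user', 'role'] as $key)
      {
        unset($_SESSION[$key]);
      }
    // Rotate the session ID and delete the old session file, so a copy of the
    // pre-logout cookie value can no longer be presented as a live session.
    session_regenerate_id(true);

    // NOTE(review): this handler fires on any POST carrying "logout" and there
    // is no CSRF token, so a third-party page can log the visitor out. The
    // original post-logout redirect (header('Location: index.php'); exit;) was
    // left commented out -- presumably because this file is included after
    // output has started -- so the request falls through to the login form.
  }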

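// Login: look the username up in USERS, verify the password against
// AUTHENTICATE, and on success populate the session and record the client IP.
if(isset($_POST['login']))
  {
    // Nothing from $_POST is written to the session until the password has
    // been verified, so a failed attempt leaves no partial identity behind
    // (the original stored the username and profile fields before checking).
    $typed_user = (isset($_POST['user']) && is_string($_POST['user'])) ? $_POST['user'] : '';
    $pass       = (isset($_POST['pass']) && is_string($_POST['pass'])) ? $_POST['pass'] : '';

    // Legacy scheme: sha1(sha1(password) . lowercase username). The salt is
    // built from the addslashes()'d username only because that is what the
    // original code (and presumably register.php -- verify) hashed with;
    // changing it would invalidate every stored hash.
    // TODO(review): migrate to password_hash()/password_verify() with a
    // rehash-on-login step -- sha1 is not a password hash.
    $salt = strtolower(addslashes($typed_user));
    $sha  = sha1(sha1($pass) . $salt);

    // One message for every credential failure so the response does not
    // reveal whether the username exists; a separate one for backend errors.
    $bad_credentials = "Invalid username or password";
    $server_error    = "Login is temporarily unavailable";

    // Username lookup with a bound parameter. addslashes() is not a valid
    // escape for Oracle (a quote is escaped by doubling it and a backslash is
    // an ordinary character), so the original interpolated query was injectable.
    $uname = strtolower($typed_user);
    $query = "SELECT USERNAME, USERID, FNAME, LNAME, ZIPCODE, EMAIL FROM USERS WHERE LOWER(USERNAME) = :uname";
    $stid  = oci_parse($connect, $query);
    if($stid === false
       || !oci_bind_by_name($stid, ':uname', $uname)
       || !oci_execute($stid))
      {
        error_log('login: USERS lookup failed: ' . print_r(oci_error($stid === false ? $connect : $stid), true));
        echo $server_error;
      } else
      {
        // LOWER(USERNAME) is expected to be unique, so 0 or 1 row.
        $user_row = oci_fetch_array($stid, OCI_ASSOC);
        if(!$user_row || empty($user_row['USERNAME']))
          {
            // Unknown user: same message as a wrong password.
            echo $bad_credentials;
          } else
          {
            $userid = $user_row['USERID'];
            $query  = "SELECT USERID, PASSWORD, ROLE FROM AUTHENTICATE WHERE USERID = :uid";
            $stid_auth = oci_parse($connect, $query);
            if($stid_auth === false
               || !oci_bind_by_name($stid_auth, ':uid', $userid)
               || !oci_execute($stid_auth))
              {
                error_log('login: AUTHENTICATE lookup failed: ' . print_r(oci_error($stid_auth === false ? $connect : $stid_auth), true));
                echo $server_error;
              } else
              {
                $auth_row = oci_fetch_array($stid_auth, OCI_ASSOC);
                if(!$auth_row || empty($auth_row['PASSWORD']))
                  {
                    // A USERS row with no AUTHENTICATE row is a data-integrity
                    // problem worth logging; the visitor still only sees the
                    // generic message rather than a hint that the account exists.
                    error_log('login: no AUTHENTICATE row for USERID ' . $userid);
                    echo $bad_credentials;
                  } elseif(!hash_equals((string)$auth_row['PASSWORD'], $sha))
                  {
                    // Constant-time compare; == would also coerce numeric-looking hashes.
                    echo $bad_credentials;
                  } else
                  {
                    // Authenticated. Rotate the session ID first so an ID planted
                    // before login (session fixation) is not promoted to a logged-in one.
                    session_regenerate_id(true);
                    // 'user' now holds the canonical USERNAME from the database
                    // rather than the addslashes()'d raw input the original stored.
                    $_SESSION['user']      = $user_row['USERNAME'];
                    $_SESSION['userid']    = $user_row['USERID'];
                    $_SESSION['fname']     = $user_row['FNAME'];
                    $_SESSION['lname']     = $user_row['LNAME'];
                    $_SESSION['zipcode']   = $user_row['ZIPCODE'];
                    $_SESSION['email']     = $user_row['EMAIL'];
                    $_SESSION['role']      = $auth_row['ROLE'];
                    $_SESSION['logged_in'] = 1;

                    // Record the client address. Keyed on USERID rather than the
                    // typed username: the original matched Username case-sensitively
                    // against raw input while the lookup above is case-insensitive,
                    // so a differently-cased login updated nothing. oci_execute's
                    // default mode commits on success, so no explicit oci_commit.
                    $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
                    $query2 = "UPDATE Users SET LoginIP = :ip WHERE USERID = :uid";
                    $run = oci_parse($connect, $query2);
                    if($run === false
                       || !oci_bind_by_name($run, ':ip', $ip)
                       || !oci_bind_by_name($run, ':uid', $userid)
                       || !oci_execute($run))
                      {
                        // Best-effort bookkeeping: the login itself has already succeeded.
                        error_log('login: LoginIP update failed: ' . print_r(oci_error($run === false ? $connect : $run), true));
                      }
                  }
              }
          }
      }
  }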
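// Sidebar: account links and a logout button for a logged-in visitor,
// otherwise the login form.
if(isset($_SESSION['logged_in']))
  {
    // Role 2 is treated as admin. The value comes back from Oracle as a string,
    // hence the cast; a missing role is simply not admin (no warning).
    $is_admin = isset($_SESSION['role']) && (int)$_SESSION['role'] === 2;

    echo "<h2>User Options</h2><br /><div style='position:relative; right:-15px;'><b><a href='account.php'>ACCOUNT INFO</a></b><br />";
    echo "<b><a href='addmovie.php'>ADD MOVIE</a></b><br /><b><a href='myfavorites.php'>MY FAVORITES</a></b><br />";
    echo "<b><a href='mylog.php'>MY LOG</a></b><br /><b><a href='mysubmissions.php'>MY SUBMISSIONS</a></b><br /><br />";
    echo '<form id="logout_form" method="POST">';
    echo '<input type="hidden" name="logout" value="1" />';
    if($is_admin)
      {
        echo "<b><a href='admin.php'>ADMIN</a></b><br /><br />";
      }
    // The original never closed the logout form, so the rest of the page ended
    // up inside an unterminated <form>. The form is opened inside the <div>,
    // so it is closed before the <div> is.
    echo '<input type="submit" value="Logout" /></form></div>';
  } else
  {
    // No CSRF token on this form; the login handler accepts any POST with "login".
    echo '<h2>Login</h2> <br />';
    echo '<form id="login_form" method="POST">';
    echo '<div style="position:relative; right:-15px;">
          Username:<br /> <input type="text" name="user" /><br />
	  Password:<br /> <input type="password" name="pass" /><br />
          <input type="submit" value="Login" />
          <input type="hidden" name="login" value="1" />
          <a href="register.php">Register</a></div>';
    echo '</form>';
}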

?>
